From 2b0c8ee37dc21cce09cf5e5b75d738ebc79235f3 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Thu, 18 Jul 2013 10:31:52 +0200 Subject: [PATCH] ike-sa: uninstall CHILD_SAs before removing virtual IPs a3854d83 changed cleanup order. But we should remove CHILD_SAs first, as routes for CHILD_SAs might get deleted while removing virtual IPs, resulting in an error when a CHILD_SA tries to uninstall its route. --- src/libcharon/sa/ike_sa.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c index aa04d15d42..508612034c 100644 --- a/src/libcharon/sa/ike_sa.c +++ b/src/libcharon/sa/ike_sa.c @@ -2123,6 +2123,7 @@ METHOD(ike_sa_t, destroy, void, private_ike_sa_t *this) { attribute_entry_t entry; + child_sa_t *child_sa; host_t *vip; charon->bus->set_sa(charon->bus, &this->public); @@ -2137,6 +2138,12 @@ METHOD(ike_sa_t, destroy, void, this->other_id, entry.type, entry.data); free(entry.data.ptr); } + /* uninstall CHILD_SAs before virtual IPs, otherwise we might kill + * routes that the CHILD_SA tries to uninstall. */ + while (array_remove(this->child_sas, ARRAY_TAIL, &child_sa)) + { + child_sa->destroy(child_sa); + } while (array_remove(this->my_vips, ARRAY_TAIL, &vip)) { hydra->kernel_interface->del_ip(hydra->kernel_interface, vip, -1, TRUE); @@ -2165,7 +2172,7 @@ METHOD(ike_sa_t, destroy, void, /* unset SA after here to avoid usage by the listeners */ charon->bus->set_sa(charon->bus, NULL); - array_destroy_offset(this->child_sas, offsetof(child_sa_t, destroy)); + array_destroy(this->child_sas); DESTROY_IF(this->keymat); array_destroy(this->attributes); array_destroy(this->my_vips); -- 2.47.2